Skip to main content

How to enable user provisioning via SCIM with Entra ID (Formerly Azure AD)

Updated over a month ago

This article will walk you through configuring user provisioning via SCIM if you are using Entra ID.

Before you Start

Speak to your Customer Success Manager (CSM) and Account Manager (AM) about your options and the costs around setting up user provisioning via SCIM.

You may also want to discuss details such as what user domains you want to be able to use SCIM.

Getting started on the Skillcast application

To enable integration with Skillcast, some credentials and user details must be prepared. This setup is normally completed by your Customer Success Manager (CSM).

API access

Skillcast requires an API user and secure token to support user and data management. Your CSM will create this and ensure the correct permissions are applied. You do not need to take any action, but it is useful to be aware that an integration-specific API user and token will be used.

User attributes

You should confirm which additional user attributes you want to populate in Skillcast, such as fields used for audience groups or reporting. The exact attribute names in the Skillcast portal are important, as these must match when configuring Entra ID. Your CSM will help review and align these before setup is completed.

Connecting your Entra ID environment to your Skillcast Application

Entra ID custom Enterprise app

  1. Go to Azure Active Directory > Enterprise applications

  2. Choose + New application

  3. Choose + Create your own application

  4. Enter an app name and choose Integrate any other application you don't find in the gallery (Non-gallery). Then click Create.

  5. Under the heading manage, choose Provisioning, then Get started

Provisioning setup

  1. For Provisioning Mode select Automatic

  2. Enter the credentials:

    • Tenant URL: https://[clientid].skillcast.io/skillcastApi/scim
      Your client ID can be found in your Skillcast application URL which will look something like https://mycompany.e-learningportal.com/, the bold part of the URL is your client ID.

    • Secret Token this is the session ID you generated on the Skillcast app. You can find Session Details from the API management area of the portal. i.e. BDDDBB7A-CD39-431F-8B52EC014F4E895C


  3. Click Test Connection. Azure should return the message
    The supplied credentials are authorised to enable provisioning

  4. Click Save. Click the top right X to close.

  5. Choose Edit provisioning. A new section will be available called Mappings. Expand this section.

  6. Click Provision Azure Active Directory Groups

  7. Change Enabled to No. Click Save. Click Yes for Save changes. Then click Provisioning in the top breadcrumb.

Attribute setup

  1. Click Provision Azure Active Directory Users.

  2. At the bottom of the page click Show advanced options

  3. Click Edit attribute list for customappsso

  4. Scroll to the bottom of the attribute list. Create a new attribute for each Skillcast attribute that you wish to update.

    • Name: urn:scim:skillcast:User:[attribute] e.g. urn:scim:skillcast:User:Division

    • All other fields can be left blank

  5. Click save and under Are you sure you want to make these changes, choose yes. Click the top right X to close.

  6. Again, click Click Provision Azure Active Directory Usersand at the bottom of the table, clickAdd New Mapping`

  7. Using the previous details, add a new attribute

    • Mapping Type: Direct

    • Source Attribute: [relevant field]

    • Target Attribute: Your custom attribute, e.g. urn:scim:skillcast:User:Division

    • Others can be left as default

  8. Click ok

  9. When finished, click save
    A confirmation message may display, click Yes.

User matching (optional)

You may want to match users on their email address instead of the Entra ID default of username.

  1. Choose the field you wish to match users on. i.e. mail

  2. For Match objects using this attribute choose Yes. Press Ok

  3. Choose the attribute with a Matching precedence of 1

  4. For Match objects using this attribute choose No. Press Ok

  5. Edit the field from step 1, change the Matching precedence to 1. Press Ok

  6. Click Save
    A confirmation message may display, click Yes.

Add users to Enterprise application

  1. Within the Enterprise Application, choose User and groups

  2. Click Add user/group

  3. Depending on your Active Directory level, choose None Selected under Users

  4. Select the relevant users in the popup, click Select, click Assign

Test with Provision on demand

  1. Within the Enterprise Application, choose Provisioning

  2. Click Provision on demand

  3. Select a user, click Provision

Limitations and Considerations

  1. Provisioning via SCIM can only be enabled with one token linked to one domain. You will be unable to provision users into different domains using the same credentials/token.

  2. If you are using a different app to set up provisioning via SCIM the steps on the Skillcast platform will be the same; you should have similar steps on the other application however, you will need to seek guidance from that third party for exact details.

Did this answer your question?